Exhibitor GDPR Policy

Exhibitor GDPR Policy

Registration forms

Our registration forms contain information to the visitor about scanners and what it means to be scanned by an exhibitor or sponsor. They should be aware of having their badge scanned but you must always ask permission before scanning a badge and confirm what it means.

Data Controller

Once you scan the visitors badge (meaning  they have passed you their personal data) you become the data controller. As the data controller you should have information available on the stand as to who you are, how long you will keep data for and other items as outlined by the GDPR.

Double Opt In

There is no requirement within the GDPR to have a double opt in but it can be seen as best practice. One option would be to initially ask permission to scan the visitors badge on your stand so they pass you their data. After the event has finished email all the contacts you scanned, explain what you will use the data for and include a link to your privacy policy. At this point ask them to re affirm that they are happy for their data to be used this way and give them the chance to unsubscribe if they are not.


You can use our additional questions/barcode sheets to help you comply with GDPR by setting up a question to be used once you have asked for consent to scan their badge (IE: I am happy for my data to be used for….). Other questions can be used for how the visitor wants to be contacted i.e. email, phone, post etc.


The data you capture is held securely via a password protected online system hosted within the UK so is far more secure than capturing personal data through business card collection.

Data Retention

As a part of the GDPR we can only hold onto data as long as is necessary for the purposes of processing it, this means your leads will only be available in your online portal for 60 days after the event. We will send you reminders to download your leads before they are removed to the contact email registered.


Using our lead capture service allows you to keep the auditable records required by the GDPR. The data you download from our portal will show the event the lead was captured and the exact day and time of the scan for your record keeping.

**We are not a law firm, you should always seek your own legal advice